Headline
CVE-2023-26108: fix: use pipeline over stream.pipe by jmcdo29 · Pull Request #9819 · nestjs/nest
Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. This vulnerability is exploitable when the client cancels a request while it is streaming a StreamableFile: the stream wrapped by the StreamableFile will be kept open.
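The behaviour described above can be reproduced in plain Node.js. This is an added example, not code from the pull request or from NestJS: `makeSource`, `makeResponse`, `abortMidStream` and `compare` are hypothetical names, both streams are constructed stand-ins, and `res.destroy()` is assumed to model the client cancelling the request.

```javascript
const { Readable, Writable, pipeline } = require('stream');

// Constructed stand-in for a file stream: keeps producing data until destroyed.
function makeSource() {
  let timer;
  return new Readable({
    read() {
      if (!timer) timer = setInterval(() => this.push('chunk'), 5);
    },
    destroy(err, cb) {
      clearInterval(timer); // the point where a real stream would release its fd
      cb(err);
    },
  });
}

// Constructed stand-in for the HTTP response the file is streamed into.
function makeResponse() {
  return new Writable({ write(chunk, encoding, cb) { cb(); } });
}

// Wire source -> response with `connect`, drop the "client" mid-stream, and
// report whether the source is still open afterwards.
function abortMidStream(connect) {
  return new Promise((resolve) => {
    const source = makeSource();
    const res = makeResponse();
    connect(source, res);
    setTimeout(() => res.destroy(), 20); // assumption: models the client cancelling
    setTimeout(() => {
      const stillOpen = !source.destroyed;
      source.destroy(); // clean up so the demo process can exit
      resolve(stillOpen);
    }, 60);
  });
}

async function compare() {
  // pipe() only unpipes when the destination closes; the source is left alone.
  const withPipe = await abortMidStream((src, res) => src.pipe(res));
  // pipeline() destroys every stream in the chain when any of them closes early.
  const withPipeline = await abortMidStream((src, res) =>
    pipeline(src, res, () => {}) // callback receives the premature-close error
  );
  return { withPipe, withPipeline };
}

compare().then((r) => console.log('source still open after abort:', r));
```

In a running service the same condition shows up as file descriptors that grow with the number of aborted downloads and are not released when the responses close.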
@@ -3,21 +3,19 @@ import { types } from 'util’; import { isFunction } from '…/utils/shared.utils’; import { StreamableFileOptions } from './streamable-options.interface’;
interface StreamableHandlerResponse { export interface StreamableHandlerResponse { statusCode: number; send: (msg: string) => void; }
export class StreamableFile { private readonly stream: Readable;
private handler: (err: Error, response: StreamableHandlerResponse) => void = ( err: Error, res, ) => { res.statusCode = 400; res.send(err.message); }; protected handler: (err: Error, response: StreamableHandlerResponse) => void =
(err: Error, res) => { res.statusCode = 400; res.send(err.message); };
constructor(buffer: Uint8Array, options?: StreamableFileOptions); constructor(readable: Readable, options?: StreamableFileOptions);
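Review bot: the default `handler` in this hunk still replies to a stream error with `res.statusCode = 400` and `res.send(err.message)`, which hands the wrapped stream's raw error text to the client and reports it as a client error even though the failure is in the server's stream. Consider a fixed response body with the detail logged server-side, and a 5xx status. The hunk also exports `StreamableHandlerResponse` and widens `handler` from `private` to `protected`, so both become something subclasses and importers can depend on; a doc comment stating what a custom handler must do with `response` would pin that contract down.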